KASNEB
CICT PART III SECTION 6
SYSTEMS SECURITY
THURSDAY: 26 November 2015. Time Allowed: hours.
Answer ALL questions. Marks allocated to each question are shown at the end of the question.

QUESTION ONE
(a) Citing an example, discuss a strategy for preventing cross-site scripting security attack. (4 marks)
(b) Documenting evidence is important in handling incidents that affect the normal operations of an information communication technology (ICT) system.
    (i) Explain two reasons for the importance of documenting evidence. (2 marks)
    (ii) Highlight two aspects that should be recorded during evidence documentation process. (2 marks)
(c) An organisation is looking for a firewall that could protect it from attacker's exploits such as buffer overflow.
    (i) Describe the type of firewall required to be implemented. (marks)
    (ii) Explain an advantage and a disadvantage of the firewall identified in (c) (i) above. (marks)
(d) Describe the security controls which fall under the following categories:
    (i) What they do (4 marks)
    (ii) What they are (4 marks)
(Total: 20 marks)

QUESTION TWO
(a) Assess four security concerns in cloud computing. (4 marks)
(b) The risk to information processing facilities in an organisation emanating from business processes that involve external third parties should be identified and appropriate controls implemented before granting access.
    Required:
    Summarise six issues to be considered when identifying risks related to external third party access to an organisation's information system. (6 marks)
(c) A financial institution with several branch networks across Africa intends to exchange data between different servers located in various branches. The institution has sought for your advice in implementing encryption to enable them achieve confidentiality, integrity and non-repudiation by either the sender or recipient.
    Required:
    Discuss how the type of encryption that you recommend would assist in achieving confidentiality, integrity and non-repudiation. (4 marks)
(d) A financial institution with branches across the country has requested you to look into their network with an aim of eliminating the cyber attacks that have been reported in the recent past. The network should deny inbound access applications and allow some type of remote access.
    Required:
    Explain the applications and technologies that could be configured to achieve the required security. (6 marks)
(Total: 20 marks)
CT61 Page 1 Out of 2

QUESTION THREE
(a) (i) Describe a technique used by intruders to compromise integrity of audit trails. (3 marks)
    (ii) Explain two ways of protecting the integrity of audit trails. (2 marks)
(b) Propose five physical access controls which an organisation could employ to protect its data. (5 marks)
(c) Discuss six processes that are necessary for an effective forensic audit. (6 marks)
(d) Highlight two threats posed to a central database system by each of the following parties:
    (i) Users (2 marks)
    (ii) Programmers (2 marks)
(Total: 20 marks)

QUESTION FOUR
(a) Analyse four methods of testing a disaster recovery plan (DRP). (4 marks)
(b) Computer forensics is an investigative process.
    Required:
    (i) Explain why the initial response to computer security incident is crucial for forensic auditor. (2 marks)
    (ii) Summarise six activities for securing a suspected computer incidents scene. (6 marks)
(c) As technology improves, users need to be constantly aware of the emerging risks to an organisation information system.
    Required:
    (i) Analyse four risks associated with owning smart gadgets and use of smart solutions. (4 marks)
    (ii) Suggest four viable solutions to the risks identified in (c) (i) above. (4 marks)
(Total: 20 marks)

QUESTION FIVE
(a) Explain how information communication technology could be used by terror groups. (marks)
(b) Summarise four activities that could be considered unethical if carried out by system programmer. (4 marks)
(c) You have been provided with router, firewall, intrusion detection and prevention system to secure a company's network. Illustrate how you would place these items in the network to enable secure internet access. (4 marks)
(d) (4 marks)
(e) (i) Differentiate between "law" and "ethics" as related to systems security. (4 marks)
    (ii) Citing reason, state which one should be held higher between law and ethics. (1 mark)
(Total: 20 marks)
